Module org.elasticsearch.security
Class SamlLogoutRequestHandler
java.lang.Object
org.elasticsearch.xpack.security.authc.saml.SamlObjectHandler
org.elasticsearch.xpack.security.authc.saml.SamlLogoutRequestHandler
Processes a LogoutRequest for an IdP-initiated logout.
-
Nested Class Summary
Nested Classes -
Field Summary
Fields inherited from class org.elasticsearch.xpack.security.authc.saml.SamlObjectHandler
decrypter, logger, SAML_NAMESPACE -
Method Summary
Modifier and TypeMethodDescriptionparseFromQueryString(String queryString) Processes the provided LogoutRequest and extracts the NameID and SessionIndex.Methods inherited from class org.elasticsearch.xpack.security.authc.saml.SamlObjectHandler
checkIdpSignature, checkIssuer, decodeBase64, describe, describe, getSpConfiguration, inflate, maxSkewInMillis, now, parseQueryStringAndValidateSignature, parseSamlMessage, text, text, validateNotOnOrAfter
-
Method Details
-
parseFromQueryString
Processes the provided LogoutRequest and extracts the NameID and SessionIndex. Returns these in aSamlAttributesobject with an empty attributes list.The recommended binding for Logout (for maximum interoperability) is HTTP-Redirect. Under this binding the signature is applied to the query-string (including parameter names and url-encoded/base64-encoded/deflated values). Therefore in order to properly validate the signature, this method operates on a raw query- string.
- Throws:
ElasticsearchSecurityException- If the SAML is invalid for this realm/configuration
-